CVE-2022-49812: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49812 is a memory leak vulnerability discovered in the Linux kernel's bridge driver implementation. The vulnerability was disclosed and documented in May 2025, affecting Linux kernel systems that use the bridge driver for VLAN management (NVD).

The vulnerability exists in the bridge driver's VLAN protocol change handling mechanism. When VLANs are offloaded via switchdev and marked with 'BRVLFLAGADDEDBYSWITCHDEV' flag, the bridge driver redundantly attempts to manage these VLANs through the 8021q driver despite them being already programmed in hardware. This redundant behavior occurs specifically when the VLAN protocol of the bridge changes, where switchdev drivers are notified via the 'SWITCHDEVATTRIDBRIDGEVLAN_PROTOCOL' attribute (NVD, Wiz).

The vulnerability results in memory leaks when deleting VLANs that were programmed via switchdev, potentially leading to system resource exhaustion over time. The issue specifically manifests when changing VLAN protocols on affected systems (NVD, Wiz).

The fix involves modifying the bridge driver to prevent calling the 8021q driver for VLANs that were already programmed via switchdev. This eliminates the redundant operations that cause the memory leaks (NVD).